To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week:
CFPB Spotlights Fees in School Lunch Payment Platforms
On July 25, the Consumer Financial Protection Bureau (CFPB or Bureau) released an Issue Spotlight focusing on the fees associated with electronic payment platforms used by school districts to process school lunch payments. In its report, the CFPB emphasized the costs of electronic payments in K-12 schools and the potential financial strain these fees could place on lower income families.
Troutman Pepper Weekly Consumer Financial Services Newsletter – July 25, 2025
To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week:
CFPB Tries to Stretch Section 1057 of the CFPA to Reach Nondisclosure Agreements
Yesterday, the Consumer Financial Protection Bureau (CFPB or Bureau) issued Circular 2024-04 warning financial institutions about the potential illegality of nondisclosure agreements (NDAs) that could deter whistleblowing. Specifically, the Bureau addressed whether requiring employees to sign broad confidentiality agreements violates § 1057 of the Consumer Financial Protection Act (CFPA). According to the CFPB, the answer is “yes” under circumstances that could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed suspected violations of federal consumer financial law to government investigators or a law enforcement agency.
Understanding Access vs. Acquisition
Dear Mary,
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then, some states have further qualifications to their definition, such as whether that unauthorized access or acquisition “compromises” or “materially compromises” the integrity, security, or confidentiality of the data. No states (apart from New York) define access or acquisition, and no state defines compromise vs. material compromise. How would you suggest analyzing all these varying terms?
– Patchwork
Highlights from the CFPB’s Spring 2024 Semi-Annual Regulatory Agenda
The Consumer Financial Protection Bureau (CFPB or Bureau) recently released its semi-annual regulatory agenda, outlining its planned rulemaking initiatives. The CFPB releases regulatory agendas twice a year in voluntary conjunction with a broader initiative led by the Office of Budget and Management to publish a Unified Agenda of Regulatory and Deregulatory actions across the federal government. This agenda includes a mix of rules in the pre-rulemaking, proposed rule, and final rule stages, covering a wide range of topics from mortgage closing costs to financial data transparency. The CFPB has not yet posted a blog or issued a press release about the agenda.
CFPB Says Earned Wage Access Products Are Subject to the Truth in Lending Act
Yesterday, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a proposed interpretive rule opining that earned wage access (EWA) products — whether provided through employer partnerships or marketed directly to borrowers — are subject to Truth in Lending Act (TILA) and Regulation Z requirements. The proposed rule’s broad definitions and aggressive stance on fees and tips as finance charges conflict with many state laws and could lead to litigation.
CFPB Moves to Dissolve Preliminary Injunction and Supplements Motion to Transfer in Credit Card Late Fee Rule Case; Court Immediately Requests Further Briefing
Yesterday, the Consumer Financial Protection Bureau (CFPB or Bureau) filed a brief in the U.S. District Court for the Northern District of Texas in support of its motion to dissolve the preliminary injunction that has stayed the implementation of its credit card late fee rule. Concurrently, the Bureau also filed a notice of supplemental authority in support of their motion to dismiss or transfer on the grounds that the Fort Worth Chamber of Commerce does not have associational standing to bring the suit. Within hours, the court issued an order requiring further briefing on the issue of associational standing.
Understanding Breach Notification Obligations Under California Law: What Does the CCPA Require?
Dear Mary,
I am the privacy compliance officer at a cloud-based software company. We recently experienced an incident where, although none of our client’s data was compromised, it appears that our employees’ information may have been copied and removed from our environment. This information includes employees’ full names, salaries, and salary schedules. All of our employees reside in California, and given the CCPA’s broad definition of personal information, I am assuming notification will be required?
– Frowning in Fresno
After Multiple Attempts, Missouri Becomes Latest State to Enact Commercial Financing Disclosure Law
After several attempts in the Missouri legislature, last week Governor Mike Parson signed a Commercial Financing Disclosure Law. This legislation requires certain disclosures to be made by providers of commercial purpose closed-end and open-end loans, and sales-based financing transactions. The law will take effect six months after the Division of Finance finalizes promulgating rules or on February 28, 2025, if the Division does not intend to promulgate rules.